This how to will allow you, step by step, to configure a Postfix mail server with virtual hosting. Virtual hosting means that you can add as many mail domains as you want and subsequently as many mailboxes for these domains as you want.

Here we use an LDAP backend for both the MTA (Postfix) and the POP3/IMAP server (Dovecot), and a web based management interface.

Optional in this how to is the use of Roundcube webmail and proftpd.

The new version of Roundcube 0.3 allows a webmail user to change his / her (ldap) password, integrate an ldap address book and vacation using ldap (plugin). These features align nicely with the setup used in this how to and also provide an easy interface for the mail user.

This how to is an upgraded and enhanced version of the Ubuntu Intrepid version. Please note that the configuration of Roundcube and Proftpd can be added to an Intrepid / Jaunty setup.

This worked for me, but I cannot guarantee that this set up will work for you so this how to comes without any guarantee.

Assumptions:

This how to assumes the following configuration. If your installation differs from this, replace the entries below with your actual configuration.

Mail delivery (mailboxes) path:

/home/vmail/domains

User vmail:

UID:1000, GID:1000

User postfix:

UID: 108, GID:108

OpenLDAP base dn:

dc=example,dc=tld

OpenLDAP admin account:

cn=admin,dc=example,dc=tld

Phamm search dn:

o=hosting,dc=example,dc=tld

A read only account for the o=hosting,dc=example,dc=tld tree:

cn=phamm,o=hosting,dc=example,dc=tld

You're using root as the user during this guide.

If you want, for example, o=maildomains or ou=domains, please make sure to replace o=hosting with what you want, especially in the acl.ldif. This acl file is strict; phamm will not work correctly if it is not exactly as it should be. If you want a different read only user than phamm, then replace cn=phamm with cn=wat-you everywhere in this how to.

Step 1: Install And Configure Ubuntu Server

I recommend following the guide below for this (I do not need to rewrite or reinvent what others did better than me) :

and skip the configuration of postfix. We will install and configure Postfix and Dovecot further on in this guide.

Note: all of the URLs and package names are valid at the time of writing of this how to. Best practice is to check if there are new versions available. The directory names for the downloaded and extracted packages need to be changed to the version number of the respective packages downloaded, e.g. phamm-0.5.17 to phamm-0.5.xx

So let's get started with the rest.

Download some packages and OpenLDAP schemas we will need:

cd /usr/src

Get the latest version of phamm:

wget http://open.rhx.it/phamm/phamm-0.5.17.tar.gz

Unpack the archive:

tar xvzf phamm-0.5.17.tar.gz

Step 2: Install And Configure OpenLDAP

The configuration of OpenLDAP got a bit (more) complicated. cn=config is still used, but when installing the packages from the repositories only a skeleton configuration of openldap is installed.

You're no longer asked to provide a password when the package is installed, and issuing "dpkg-reconfigure slapd" only resets openldap to the skeleton configuration. You will have to set up the openldap database, root dn and ACLs yourself using the root account (or sudo) in order to configure openldap.

Install openldap and ldap-utils:

aptitude install slapd ldap-utils

Change into the /etc/ldap directory:

cd /etc/ldap

Copy the phamm.schema and perversia.net.schema from the phamm package to the schema directory:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/phamm.schema
include /etc/ldap/schema/ISPEnv2.schema
include /etc/ldap/schema/amavis.schema
include /etc/ldap/schema/pureftpd.schema
include /etc/ldap/schema/perversia.net.schema

Now we will convert the schemas:

mkdir ldif

slaptest -f convert -F ldif

Now we change in to the directory that contains the converted schemas:

Save the file and issue the following command to load the module and initialize the database:

ldapadd -Y EXTERNAL -H ldapi:// -f db.ldif

Please note the olcRootPW: example line, which sets the RootPW to example. Replace example with a password of your choice.

Now we create the base dn and the admin account for the openldap server as well as the o=hosting and phamm account.

Modify the text below to your needs and wants and generate a password for the admin account. The hash currently in this file sets the password to example. The crypt for the phamm account results in the password readonly.

To create a crypt of the password for the admin account, issue the following command:

slappasswd -h {MD5}

Type the wanted password twice and copy the result in to the text below.
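What the stored values look like, as an added example that is not part of the original how to: the Python below rebuilds the {MD5} value produced by slappasswd -h {MD5}, the salted {SSHA} form, and a cleartext value such as olcRootPW: example, so you can see why identical passwords give identical {MD5} hashes. The function names are hypothetical and the 4-byte salt length is an assumption of this example; only the standard library is used.

```python
# Added example: rebuilds userPassword / olcRootPW value formats for comparison.
import base64
import hashlib
import hmac
import os


def ldap_md5(password: str) -> str:
    """{MD5}: base64 of the raw MD5 digest of the password, with no salt."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()


def ldap_ssha(password: str, salt: bytes = None) -> str:
    """{SSHA}: base64 of SHA-1(password + salt) followed by the salt itself."""
    salt = os.urandom(4) if salt is None else salt  # salt length: assumption
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored value in either scheme."""
    if stored.startswith("{MD5}"):
        candidate = ldap_md5(password)
    elif stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        candidate = ldap_ssha(password, raw[20:])  # bytes after the 20-byte digest
    else:
        candidate = password  # no scheme prefix: the value is cleartext
    return hmac.compare_digest(candidate.encode(), stored.encode())


def shares_hash(stored_values) -> bool:
    """True when at least two entries carry the identical stored value."""
    values = list(stored_values)
    return len(set(values)) < len(values)


if __name__ == "__main__":
    pw = "example"  # the sample password used in this how to
    print(ldap_md5(pw), ldap_md5(pw))    # identical for identical passwords
    print(ldap_ssha(pw), ldap_ssha(pw))  # differ: a fresh salt on every call
    print(shares_hash([ldap_md5(pw), ldap_md5(pw)]))  # True
```

Run without -h, slappasswd emits the salted {SSHA} scheme, so two accounts with the same password do not end up with the same stored value.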

There are some ACLs set in the openldap setup that prevent phpldapadmin from interfacing with the directory, so we will remove them now and set openldap to the default cn=admin,cn=config. From this moment on, openldap can be configured and manipulated as before, but no longer by issuing commands like ldapadd -Y EXTERNAL -H ldapi:// -f file but rather ldapadd -x -H ldapi:// -D cn=admin,cn=config -W -f file.

Create a file called config.ldif and paste the text below in to it. However, do not forget to replace the olcRootPW hash with the hash you created above.